Google Forks OpenSSL, Announces BoringSSL

An anonymous reader writes Two months after OpenBSD's LibReSSL was announced, Adam Langley introduces Google's own fork of OpenSSL, called BoringSSL. "[As] Android, Chrome and other products have started to need some subset of these [OpenSSL] patches, things have grown very complex. The effort involved in keeping all these patches (and there are more than 70 at the moment) straight across multiple code bases is getting to be too much. So we're switching models to one where we import changes from OpenSSL rather than rebasing on top of them. The result of that will start to appear in the Chromium repository soon and, over time, we hope to use it in Android and internally too." First reactions are generally positive. Theo de Raadt comments, "Choice is good!!."

Yaaaay!

[Anonymous Coward]

Just what I needed this Saturday, the announcement of yet another implementation of SSL by people I do not to trust

oh joy, oh rapture, etc. etc. etc.

Re:

[TheGratefulNet]

right. google IS the premier spy company. they want ALL your data.

and so, we are supposed to trust google on things about SECURITY and where user TRUST is involved?

scuze me??

Re:Yaaaay!

[grub]

Google SSL... Now with a side channel for ads.

Re:Yaaaay!

[Megane]

Yes. Because they don't want anyone else to have that data that they have gone to such effort to collect.

Or at least not without paying for it.

Re:

[Opportunist]

I prefer to eat capitalists.

Re:

[danomac]

What do you do about the aftertaste afterwards?

Re:

[armanox]

Vodka, comrade

Re:

[Zeek40]

You expect to be billed for it. With interest.

Re:

[Opportunist]

Who said I'll pay?

Re:

[Zeek40]

The debtor's prisons [thinkprogress.org] that we've started running. Because we've reverted a medieval mentality.

Re:

[Opportunist]

Considering how that eventually ended, I'd start watching over my neck if I was part of the modern aristocracy.

It might be missing suddenly.

Re:

[swillden]

Yes. Because they don't want anyone else to have that data that they have gone to such effort to collect.

Or at least not without paying for it.

FYI, Google does not sell user data.

Re:

[martin-boundary]

If they end up having a monopoly on the information, they can just sell it to others after they've collected it. So end effect is, lots of people have your data, but Google gets to profit from it TWICE. Way to go, knucklehead. Once the fox is allowed into the henhouse, it's game over. The only winning move is to kill the fox.

Re:Yaaaay!

[spectrumlogic]

Isn't is about time we acknowledge the corporate cleansing ritual of open source participation also contributes to the gentrification of peer communities...and it might be a bit more complex than simply an unintended consequence? The traditional conflict set between open source and corporate collaboratives persist with the possible driver that open source is now broadly recognized as an effective competitive method. As a more or less direct result, monetized communities like OpenSSL will be presented with t

Choice is good

[manu0601]

Choice is good, but I am not sure whether mess is good too. How much time before the OpenSSL forks get incompatibles API?

Re:Choice is NOT ALWAYS good

[colfer]

BoringSSL is a great name and directly addresses what got OpenSSL into trouble most recently, implementing a new protocol parameter based on a student's idea for a degree thesis. Innovation for innovation's sake, that was. Hurriedly applied for some reason.

And it's not something a website would "use," if you mean a high level protocol akin to "https." It's a library to implement common standards.

Re:Choice is NOT ALWAYS good

[NotInHere]

Compare email (you can choose your provider, but regardless, you can email anyone) vs. social networking (if you choose Facebook and your friend is the one person on Google+, you're out of luck)

That's one of the reasons why I have email, jabber, and sms (and webrtc), but no social network.

Re: Choice is NOT ALWAYS good

[aojensen]

If I recall correctly, OpenSocial tried to solve exactly that problem?

Re: Choice is NOT ALWAYS good

[aojensen]

If I recall correctly, OpenSocial tried to solve exactly that problem? http://opensocial.org/ [opensocial.org]

Re:

[neoform]

I'd assume once a clear winner is chosen as to which is better...

I don't see the open source SSL library 'market' being the next browser war where incompatibility makes one product win over another...

Re:

[Noah Haders]

problem is if one solution is good for everybody but google implements boringssl in all their services and products, then everybody will be using boringssl regardless.

Re:What a name!

[ArcadeMan]

I was about to write a witty reply to your comment, however the result would not have been interesting, tedious to read, dull, monotonous, repetitive, unrelieved, unvaried, unimaginative, uneventful, characterless, featureless, colorless, lifeless, insipid, uninteresting, unexciting, uninspiring, unstimulating, uninvolving, unreadable, unwatchable, jejune, flat, bland, dry, stale, tired, banal, lackluster, stodgy, vapid, monochrome, dreary, humdrum, mundane, mind-numbing, wearisome, tiring, tiresome, irksome, trying, frustrating, informaldeadly, ho-hum, dullsville, dull as dishwater, plain-vanilla and as boring as a one-man play.

Re:

[ChunderDownunder]

jejune, must remember that one...

Re:What a name!

[Anonymous Coward]

they call it BoringSSL because it contains a backdoor tunneling protocol.

Re:

[Anonymous Coward]

All I say is OUCH!

Re:

[marcello_dl]

> they call it BoringSSL because it contains a backdoor tunneling protocol.

In fact, I was thinking: "Boring, my ass", but I didn't know exactly why.

Re:

[AchilleTalon]

NSA decided to follow Google's path and annouced a fork of OpenSSL, they will call the new fork SuckingSSL. First reactions are generally positive.

Re: What a name!

[Terrasque]

You mean FreedomSSL?

And response from security people have either been very positive or they weren't available for comment right now.

Re:What a name!

[swillden]

First reactions are generally positive. Theo de Raadt comments, "Choice is good!!."

The name "BoringSSL."

I am finding extreme difficulty in liking this name choice. What was Google thinking? Am I alone?

It's not "What was Google thinking?", it's "What was Adam Langley thinking?". As for what he was thinking, it's pretty simple: Fundamental security components like SSL/TLS should be very, very boring. They're not a place for innovation and experimentation, they're not a place for clever code that demonstrates the author's virtuosity (assuming there is any such place, outside of Obfuscated C contests). They're not a place for exploration of how the C preprocessor can be used to automatically generate much of the codebase (which is something that OpenSSL has done). They're where you want very simple, straightforward, boring implementations of industry best practice algorithms and protocols.

When it comes to security, boring is good.

As Langley said in his blog post [imperialviolet.org], the name is aspirational. But it is his goal, to produce a security library which is completely boring. And it's a good thing.

Look at your own code

[Anonymous Coward]

Look at the code you wrote yourself 10-20 years ago.

The simple boring code you still understand and still can compile and use today.

Now look at the code where you put in every trick in the book and then some. Can you understand? Does it compile today? Does it even have a useful function to use today? Is it bug free after all this time?

Unless you did a good job documenting it I am betting there is a no to one of those questions.

Re:

[Qzukk]

To put it bluntly, heartbleed was exciting and in security, exciting is bad.

Yup - ExcitingSSL is NOT what you want

[billstewart]

No surprise.

Re:

[Prof.Phreak]

Yes, it's hard to get excited about BoringSSL.

How will they address the attitude problem?

[Anonymous Coward]

A huge part of the problem with OpenSSL is the attitude that anyone but the "Anointed Few" are discouraged from getting involved with security research or the development of cryptographic software.

I know we're all familiar with the common saying, "Never roll your own crypto!" It's this attitude that drives good people away from even just analysing existing crypto code. Nobody wants to feel the unrelenting wrath of the security community toward outsiders, especially if you happen to find a flaw with somethin

Re:How will they address the attitude problem?

[colfer]

Maybe by assigning people to the project who have not chosen security as a career field. On the Mozilla commits I used to follow, the personalities in the security arena were a different kettle of fish from the other developers. They had to maintain FIPS compliance, so were conservative about changes, but it was more than that. Not to mention, there's a possibility of workers with ulterior motives. All the more reason to develop a wider community than just self-selected specialists.

The billion dollar companies can afford it, and should have a long time ago.

Re:

[Anonymous Coward]

. They had to maintain FIPS compliance, so were conservative about changes

IIRC OpenSSL also had to maintain FIPS compliance, it was one of the excuses used to claim why the very limited manpower wasn't used to improve actual security.

Re:

[Anonymous Coward]

Don be ridiculous. Nobody is preventing you from reading the source code of FOSS crypto libraries. If you somehow manage to find a flaw and explain how it is a flaw (it isn't always obvious), there won't be an "unrelenting wrath of the security community toward outsiders" against you.

If you want to use libraries written by amateurs that is your problem. That makes as much sense as getting a random person to fix a complex problem in your car because you think mechanics are hostile toward people who have no i

Re:

[Hognoxious]

How will Google avoid this aspect of the problem?

By putting such a horrible UI on it that nobody uses it. And then dropping it in about 6 months.

Worrysome

[Virtucon]

Google forking OpenSSL into their own brand of NSA friendly, privacy snooping SSL. Why not just help the OpenSSL folks strengthen an already great product and assist in regression testing and validation as well? No grow your own and fragment the community you say?

Re:Worrysome

[drinkypoo]

Diversity is good, especially if they wind up diverging and actually being diverse. Not all implementations wind up being vulnerable to the same attacks, except when there are weaknesses inherent to the protocol. Even then a diverse... crap, I can't think of a non-buzzword to use here, landscape, ecosystem, argh. Sorry. Anyway, where was I? More variants means more approaches are likely to be attempted to solving the same problem, hopefully the best one wins and we get the best approach out of several options instead of whatever the single vendor comes up with.

Re:

[Virtucon]

I understand that but in the case of it being Google who has a tendency not to make their technology, like Android, forkable. [arstechnica.com] It's a one way street with them and I wouldn't trust any security implementation blessed by them. If it were Red Hat or even Microsoft I'd trust it more.

Re:

[drinkypoo]

It's a one way street with them and I wouldn't trust any security implementation blessed by them

Good! That should limit uptake, and encourage still more alternatives.

Re:

[Fnord666]

Diversity is good, especially if they wind up diverging and actually being diverse. Not all implementations wind up being vulnerable to the same attacks, except when there are weaknesses inherent to the protocol.

Just be sure that as a developer you write an abstraction layer between the application and the library so that when the interfaces diverge too much you have a single class to rewrite. Diversity in implementations is a good thing. Diversity in the interfaces can be a pain in the butt.

Re:

[drinkypoo]

There are two kinds of people in this world.

Oh no! We need more kinds of people!

Re:Worrysome

[NotBorg]

Why not just help the OpenSSL folks strengthen an already great product

Citation needed.

Re:

[strikethree]

OpenSSL is the swiss army knife of encryption technologies.

It can encrypt data with whatever cipher floats your boat. It can do hashing with whatever algorithm floats your boat. It can do SSL negotiations, it can examine, manipulate, and create X.509 certificates and containers like PKCS etc. Hell, it has all of the tools necessary to build an entire PKI up to and including creating Root Certificate Authorities, managing Certificate Revocation Lists, etc.

There may be vulnerabilities in it, but Oh My God can

Re:

[NotBorg]

Because only positive facts are relevant?

Re: Worrysome

[strikethree]

Because negative facts dominate?

Re:

[NotBorg]

Positive: The device won't cut off your hands.
Negative: The device will cut off your head.

Maybe it's not so bad?
Positive: It won't cut off your head.
Negative: It will cut off your hands.

Still no?
Positive: It won't cut off your head, your kids are entertained and happy because...
Negative: For about 20% of uses shocks the shit outta you.

Still not enough? Ok
Positive: This device is great, doesn't chop off your head or hands and it doesn't shock you.
Negative: After about 3 months of heavy usage a small

because Google doesn't need two major limitations

[raymorris]

> Why not just help the OpenSSL folks strengthen an already great product and assist in regression testing and validation as well?

OpenSSL can't do alot of things they'd like to do because it would break binary compatibility with the old ABI. There are also a number of improvements that would change the API. OpenSSL has committed to sticking with not only the old API, but the old ABI, so you an old program can use the new openssl without even recompiling.

Google isn't restricted by those two things becau

Re:

[Virtucon]

Good points but a lot of speculation on Google's intentions. I think it'll be like everything else they've done for open source. Embrace, Extend and then Emprision (sic) much like "we don't like Java so we'll make our own" It's the Bender philosophy. Sure OpenSSL may have an older API/ABI however what's the driving factor for something new? There's just no way I can trust Google after the NSA revelations and their incessant tracking crap. First it was Facebook and all their damn trackers now Google M

not speculation, see TFA

[raymorris]

It's not speculation at all, I pretty much quoted the discussion that led to the fork. I just added a very brief explanation of the terms ABI and API.

> and I look at any attempt at embracing or forking

It appears that you refused to look at it at all, preferring to apply your preconceived conclusion without bothering to take 60 to read what is happening and why.

Re:

[Virtucon]

I did read that, don't assume. Also don't assume anything Google does is for the benefit of anybody except Google. Google is a business and it still amazes me that people believe, with a straight face, that they won't shaft over everybody if corporate conscious comes between them and a buck.

Re:How does this help?

[bmajik]

Bugs weren't missed in mainline openSSL. Bugs were logged, sat around for years, and didn't get fixed.

The project management and software engineering practices for openSSL were/are simply not acceptable.

The code is salvageable. The people and processes that allowed the code to get that way are not.

"This code under new management"

Re:

[owlstead]

So where is the heartbleed bug report that was ignored?

Re:How does this help?

[jones_supa]

OpenSSL Gets Patch for 4-Year-Old Flaw [eweek.com]

That one had a public CVE sitting for 4 years while nobody took the responsibility to fix it.

Re:

[Electricity Likes Me]

That description isn't very good for the bug: a specially crafted buffer overwrites Alice's data - what? I presume they mean that Bob could takeover Alice's connection, but the description isn't very good.

Moreover, it very much ignores an important issue: just because a bug is spotted, doesn't mean the fix is trivial. In security software the fix might very well open up a different vulnerability.

Debian's SSH flaw was exactly something like this - inappropriately commented weird looking code was removed to "

"Can't trust Google cuz they're NSA buds" = silly

[cyrus0101]

Google makes a lot of money on your data. They mine the crap out of your email. Their CEO has said privacy online is silly since if you've done nothing wrong you have nothing to hide. Summed up: they're indifferent to your sense of privacy. But trust Google to protect it's own interests. It wants to control access to this data. They'll be happy to comply with government requests for data, but on their own terms, and not by willfully subverting the security itself and leaving the door wide open. Being the

Re:

[sasparillascott]

Actually this isn't silly. Intel has compromised CPU instruction set due to NSA influence (whether that was via a secret order or just because they bend over when asked is unknown). Just look at what this Google engineer said:

https://plus.google.com/+Theod... [google.com]

So given the option of getting a back door inserted in the SSL protocol used by a huge chunk of the world - the NSA will try to corrupt it.

If served with a secret order, from a secret court on the desire of the NSA for "national security"

Re:

[cbhacking]

There's no guarantee that Intel was actually compromised, though they would have been an obvious target. More likely that effort was aimed at dedicated hardware RNGs, which have been a thing since well before RDRAND, but the final point of the post (about not trusting RNGs you can't audit) has obvious merit.

Also, while I think I know what you mean, "all 3 SSL protocols" makes no sense. There are currently four SSL/TLS protocols in use (SSL3, TLS1, TLS1.1, TLS1.2) plus a deprecated one (SSL2, which is broken

Re:

[cyrus0101]

I'm not suggesting Google is impervious to coercion, only that the have an incentive to maintain as secure a platform as they are able. They are no more vulnerable to corruption than OpenSSL was (though it could even be argued that their political and economic clout makes them less vulnerable; but I wouldn't get behind that position).

Re:

[hattable]

They'll be happy to comply with government requests for data, but on their own terms, and not by willfully subverting the security itself and leaving the door wide open.

I think people forget that regular ol' poor programming may leave things open--incompetence over malice.

It is hip to be square

[ctime]

For those having a hard time understanding the naming convention,

Boring: Not flashy, not exciting, not experimental, not sexy. Performs as expected.

In other words, exactly how I want my security libraries, my databases, and the other critical infrastructure that runs the planet to be described as. Boring is good. A choice between boring Plain Jane and Simple Sally? Even better. Thank you.

Re:

[owlstead]

Yes, but that's not what this seems to be about:

We have used a number of patches on top of OpenSSL for many years. Some of them have been accepted into the main OpenSSL repository, but many of them don’t mesh with OpenSSL’s guarantee of API and ABI stability and many of them are a little too experimental.

For something that includes experimental patches, *boring* would be an extremely stupid part of the name.

Re:

[Opportunist]

And if they called it snoozeSSL, the name doesn't matter. A name is a designation that should enable us to distinguish it from something of a similar kind, preferably it should be unique to avoid confusion. Since human beings are better at keeping names than numbers (usually, I'm not), we tend to label things with names.

The point is, though, that this name means jack. Whether it is called BoringSSL or SuperspecialawesomeSSL doesn't matter. It is a name. Nothing else. Everything else is just the usual name c

Re:It is hip to be square

[Jiro]

And if they called it snoozeSSL, the name doesn't matter. A name is a designation that should enable us to distinguish it from something of a similar kind...

The point is, though, that this name means jack

So *you're* the guy who named GIMP..

Names actually do matter. Think of a name as a type of user interface, and a bad name as an ugly user interface.

For that matter, think of a name as a way to deal with people, and a poorly named project as showing geekish lack of social skills. Saying "please" serves no function other than making people feel better. It doesn't mean anything more than the name. But that still means a lot, because we're human beings, and doing things with no technological effect is part of how we deal with other human beings.

Re:

[tepples]

Think of a name as a type of user interface, and a bad name as an ugly user interface.

So how would you redesign this aspect of the user interface of, say, the GNU Image Manipulation Program?

Re:

[discord5]

So how would you redesign this aspect of the user interface of, say, the GNU Image Manipulation Program?

Please, let's not mention Gimp and UI in the same sentence unless you're looking for an internet fight.

Re:

[lannocc]

GIMP's UI is OK, but it really requires a hardware graphics tablet to be used properly.

Re:

[LookIntoTheFuture]

Gimp wars! I've gone back in time!

Re:

[Electricity Likes Me]

GNU Image Editor (GIE)

GNU Raster Editing And Touchup (GREAT)

GNU Image Manipulator (GIM)

The last one is the one I'd go with. Simple and straight forward - drop the P, and you lose the weird sexual double entendre while gaining a nice verbage: "that image is a bit big. take it to the gim" "run it through the gim" etc.

OSS seriously needs to be mindful of these things. There's some remote desk manager called "gigolo". Bravo to whoever named that - I can absolutely never install it on my kid's computers.

Re:

[Anonymous Coward]

This. When will (some) programmers learn that humans have an API too, and that they're using it wrong?

Re:

[Kremmy]

That's a reading comprehension issue on the user end.

Certify it

[sinij]

Without FIPS certification system engineers won't be able to include BoringSSL in US-government facing applications, since doing so will disqualify them from procurement lists. Since US gov't is largest consumer of cryptographic products in the North American market, BoringSSL must certify or stay irrelevant.

Re:

[rubycodez]

wrong. FIPS certifcation has just been proven to be meaningless, and in fact the reason openssl was such dung. Most FIPS certfied systems have multiple known vulnerabilities now.

Instead, those with a brain will chose the superior alternative being developed, and those in government will have to follow leadership and make a better standard.

Re:

[Anonymous Coward]

And if you do have a FIPS-certified cryptographic system, thanks to the NSA's shenanigans, the rest of the world now views it with disdain and suspicion, so forget about selling anything to anyone who ISN'T a US government agency.

They can make their own damn crypto, or follow the lead of independent cryptographers leading independent research. Appeasing governments is off the menu.

Re:

[swillden]

Without FIPS certification system engineers won't be able to include BoringSSL in US-government facing applications, since doing so will disqualify them from procurement lists. Since US gov't is largest consumer of cryptographic products in the North American market, BoringSSL must certify or stay irrelevant.

Right, because Google is irrelevant.

Re:

[Electricity Likes Me]

Without FIPS certification system engineers won't be able to include BoringSSL in US-government facing applications, since doing so will disqualify them from procurement lists. Since US gov't is largest consumer of cryptographic products in the North American market, BoringSSL must certify or stay irrelevant.

Right, because Google is irrelevant.

It will be if it can't sell products to the US government.

Re:

[swillden]

Without FIPS certification system engineers won't be able to include BoringSSL in US-government facing applications, since doing so will disqualify them from procurement lists. Since US gov't is largest consumer of cryptographic products in the North American market, BoringSSL must certify or stay irrelevant.

Right, because Google is irrelevant.

It will be if it can't sell products to the US government.

What products does Google sell to the US government? And, in general, it's not like the government is the only customer in the world.

Re:

[swillden]

What products does Google sell to the US government?

You.

A) That's not true. Do you have a citation?

B) Even if it were, it wouldn't be relevant to this thread, in which the claim is that not making BoringSSL FIPS-compliant will somehow make it irrelevant because it would impact Google's ability to sell products to the government. If Google did sell information to the government, the lack of FIPS certification on BoringSSL clearly wouldn't be an obstacle.

Re:

[bill_mcgonigle]

US gov't is largest consumer of cryptographic products in the North American market

This doesn't make any sense. There are more Android phones than government employees, for instance (and thank goodness).

Vis-a-vis LibreSSL - screw FIPS, Dual EC DRBG, and weak NSA coefficients - let the feds use OpenSSL if they want to.

largest doesn't mean the majority

[raymorris]

"Largest consumer" means they buy more than ANYONE else, not more than EVERYONE else.

Does the world's largest man account for over half the weight of all humans? No, he's bigger than any other man, not bigger than all other men put together. A lot of people buy Android phones. Can you name a consumer who buys more than the US government.

Certify it

[sgt scrub]

On the flip side of that, anything with BoringSSL will not be restricted from exporting outside of the U.S. /snark

BorenSSL

[bAdministrator]

Its name was, in fact, Boren.

Cannot Wait

[Chad Smith]

For SameOldSSL and SSLYourWAY

It needs to go the "XWindows path"

[sgt scrub]

I think OpenSSL should be broken up into pieces that work together so different parts can be worked on separately. Needless to say I think the OpenBSD group has the better, more achievable for open source, path for the future of the library. I'm not a hater of all things Google; but, I don't think "in-house" code is a good choice for the GNU parts of Linux/BSDs

Wayne Boring

[tverbeek]

I thought that BoringSSL was named in honor of classic Superman artist Wayne Boring. [wikipedia.org]

compatibility, so you don't rewrite all applicatio

[raymorris]

LibreSSL maintains API and ABI compatibility with OpenSSL, so you can upgrade your encryption without rewriting all of your applications. That's one reason that people in general use LibreSSL rather than something completely different. Also, it's on its way to becoming the most thoroughly audited SSL/TLS library in the world.

Google doesn't mind recompiling their software, so they need only API compatibility, not ABI compatibility.